Windows Firewire flaw leaves systems at risk

Some security researchers are very benign and forgiving when it comes to exploit discovery, and will give developers ample time to patch their products before going public. Such was the case with a fairly serious flaw in Windows that could allow total system compromise via Firewire ports.

Unfortunately, however, Microsoft never patched the flaw. Now, two years after initially announcing in, researcher Adam Boileau has gone public with the flaw demonstrating how it works. Essentially, any Windows system that can be locked and just as easily unlocked with this exploit. Microsoft has usually downplayed security flaws that require physical access. In this case we agree that perhaps for a home user this couldn't have much of an impact, but for an enterprise where there might be hundreds or even more machines storing critical information, it could be a very serious problem. With no known fix from Microsoft, the suggested workaround is to disable Firewire when not in use.